The Chicken and the Pig - Three Security Genres

Tuesday, November 15, 2011

Gabriel Bassett


A boss once told me, “In a ham and egg breakfast, the chicken is involved, but the pig’s committed”.

With security, there are three separate groups which have fundamentally different views on how to provide security.  Two are involved, one’s committed. 

We can learn a lot by considering how each views security, and how integrating all approaches, as opposed to focusing on a single one, provides better security.

Engineering

First, there are the builders: the engineers, designers, coders, testers, and integrators.  They approach security as something you build.  They expect the attacker to know everything about the system minus some minimal authentication information.  They fix code, secure configurations and repeatedly test to make sure everything is perfectly secured.  They are involved.

Intel/Counter-Intel

They are the sensors and they see security as a sensor: to secure something, hide it.  Intel documents all the places where people didn’t hide things and were consequently compromised. 

Therefore counter-intel believes nothing can be perfectly secured, so instead it is best to do everything in your power to prevent the attacker from gaining information.  The engineers abhor this approach as “security through obscurity”.  Intel and counter-intel are involved.

Operations

They are committed.  Operations receives the output of engineering,  intel, and counter-intel and has to make it work.  Security is not their job; it allows their job to happen. 

As such, they are likely to ignore any security that impedes operations.  They know their systems are imperfect.  They know they can’t prevent information from getting out there. 

Instead, they strive not to be perfect in either the intel or engineering way, but simply to be better than the attacker.  They solve problems procedurally and will substitute labor for technical solutions (e.g., incident handling instead of an IPS).

Any sound security solution needs to have a little of each.  Because operations is committed, all security needs to support them.  However, not all problems are solvable procedurally or with human capital. 

Engineering is required to provide operations with the tools they need, and to provide systems built to slow down the attacker and fail gracefully when compromised.  Intel is needed to provide operations with information to help them orient and act.

Counter-intel is needed to help operations slow the loss of information.  Only when all areas are working in concert for the common operational goal is security realized.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.